Note: We have deviated slightly from our initial project proposal. The updates are mentioned at the end of this page.
The application chosen is a standard in real-time systems literature: the pump (or mine) control system. The pump system has been studied in the context of dependability properties, in the TARDIS (Timely and Reliable Distributed Systems) project. The detailed system specification can be found here.
The introduction of fault tolerance in the software development process is an emerging area of active research. For our project, we are interested in modelling and simulating the behaviour of a pump control system used in a mine drainage environment, and observing how fault tolerance techniques can improve or change the performance metrics. In particular, we would like to analyze the dependability properties of the system which include the performance evaluation criterias like reliability and safety. Our model will also take into consideration timing and security requirements of the system.
We will be following an iterative development process, comprising of the stages analysis, design, code, and testing. We expect that we will have to update our initial design (models) with more details along the way, when coding and testing.The system behaviour is discrete event based, and it will be suitable to use the DEVS (Discrete Event System Specification) formalism.
We intend to start by designing the behaviour of the pump in the real world. Each subsystem (pump, environment, operator) will be modelled as an atomic or coupled DEVS model. After modelling the functional requirements, a fault injector needs to be modelled. The fault injector would send events to other models on a periodic basis, to make it (a subsystem) fail. For example, a fault sent to the communication subsystem would prevent the methane alarm to be sent to the pump subsystem from the environment subsystem, which might lead to the pump being shut off. This loss of shift might make the system unreliable. The simulation results should show how the performance varies over time in the absence and presence of faults.
Next, the model will be adapted to integrate fault tolerance techniques. Replication of sensors with majority voting is one possibility. For example, even if one of the methane sensors fails (caused by the fault injector), an event is still passed on to the subsystem based on the state of the other sensors. With the same fault injector, we would simulate the model to see how it behaves with FT means, as in, how the performance changes.
Currently, the risk factor for us is that our solution depends on the DEVS formalism and the DEVS simulator, and we have no experience in this area.
Project team: October 12, 2004
Project proposal: October 20, 2004
Prototype 1: Nov 1, 2004
Progress discussion (completed models): Mid November, 2004
Post presentation and sources: Beg. of Dec 2004
Final presentation (+ demo) in class: Beg. of Dec 2004
[1] A. Burns and A. Lister. An Architectural Framework for Timely and Reliable Distributed Information Systems (TARDIS): Description and Case Study, University of York (Computer Science) Technical Report YCS 140(1990).
[2] A. Burns and A. M. Lister. A framework for building dependable systems. The Computer Journal, Vol. 34 No. 2, April 1991, pp. 73- 181.
[3] Sadaf Mustafiz. Addressing Fault Tolerance in Software Development: A Comparative Study. M.Sc. Thesis, School of Computer Science, McGill University, June 2004.